API: Expose access locked state of users
What does this MR do and why?
Resolves #402992 (closed)
Add `locked` (boolean) field to user JSON returned from the API. The value comes from the `access_locked?` method, which is updated when the user's access is locked (e.g. failing to successfully log in N times, logging in from an unknown IP, etc.).
The field is exposed to admins and normal users as requested (see #402992 (closed)).
How to set up and validate locally
- Log in with `root` and create a personal access token with `api` scope
- Run the following command on your terminal
  curl -s --request GET --header "PRIVATE-TOKEN: <ROOT_PAT>" "http://localhost:3000/api/v4/users/1" | jq '.locked'
- Validate that you get `false` (or `true` if user with ID 1 is access locked) as the result

If you don't have `jq` installed, remove the `| jq '.locked'` part and the output will look like:
{"id":1,"username":"root","name":"Administrator","state":"active","locked":false ... }
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
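An added example, not part of this MR or of GitLab's code: a small audit helper that groups users by the `locked` field described above and treats a missing or non-boolean value as unknown rather than as unlocked. The names `classify`, `audit` and `SAMPLE` are hypothetical, and the sample user objects are constructed in the shape of the output shown in the validation steps.

```python
import json

# Constructed sample: user objects in the shape shown in the validation steps.
# The third entry has no "locked" key, as a response without this field would.
SAMPLE = '''[
  {"id": 1, "username": "root", "name": "Administrator", "state": "active", "locked": false},
  {"id": 7, "username": "jdoe", "name": "J Doe", "state": "active", "locked": true},
  {"id": 9, "username": "legacy", "name": "Legacy", "state": "blocked"}
]'''


def classify(user):
    """Return 'locked', 'unlocked' or 'unknown' for one user object."""
    value = user.get("locked")
    if value is True:
        return "locked"
    if value is False:
        return "unlocked"
    # Missing key, null or a non-boolean value: do not report it as unlocked.
    return "unknown"


def audit(raw_json):
    """Group usernames by lock status from a user object or an array of them."""
    users = json.loads(raw_json)
    if isinstance(users, dict):  # a single-user response such as /users/1
        users = [users]
    report = {"locked": [], "unlocked": [], "unknown": []}
    for user in users:
        report[classify(user)].append(user["username"])
    return report


if __name__ == "__main__":
    for status, names in audit(SAMPLE).items():
        print(f"{status}: {', '.join(names) or '-'}")
```
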